Personal tokens, as are for example SmartCards or Chipcards are used in a large variety of applications. Often, a Chipcard holder can use his personal chipcard in a plurality of host terminal devices in order to run one or more desired applications. In a program-driven interaction with the host site application program the desired application starts running after a so-called card holder verification—further referred to herein and abbreviated as CHV—has taken place.
A card holder is usually verified in prior art by prompting him for entry of his PIN which is a secret code shared between the chipcard memory and the chipcard holder only, e.g., 4 digits long. If the entered PIN is the same as that one stored in the memory of the chipcard the card holder is verified succesfully.
After said verification some data stored on the Chipcard and protected by said verification mechanism can be accessed by the program stored on the card or by the host application program the card is connected with.
In prior art systems depending of the application CHV can be temporarily suppressed by the authorized user whereby the use of the Chipcard is free from CHV. Then, however, the card and the data stored on it can be freely used by any person who possesses the card. Thus, there is always a static association between the data objects to be accessed on the card and CHV.
On the one hand any unprotected Chipcard can easily be misused by any third person possessing the card, e.g. in case of theft. Thus, CHV is very useful.
On the other hand CHV is inconvenient, however, especially in those cases in which a terminal device is used which is located in a trusted environment such as the card holders home. Here, the Chipcard user is always bothered with repetitive CHV.